App Review Windows Defender vs Ransomware! (Shocking Results?)

[monkeylove]

Majority of malware will cause no slowdown (specially true for RATs and infostealers). Malware that causes slowdown, by the time user feels it, it would have already done its job.
Security setups, even when overcomplicated, fail too.

Good habits, such as avoiding torrents, cracks, keygens and other pirated content, not believing everything seen in emails as well as on ad banners, knowing that if something is too good to be true then it probably is, all that goes a long way and is less prone to failure (like everything else, not 100%).
For these habits, you don’t need to obtain masters in cybersecurity. Of course, it is naive to believe that everyone will have them, hence different security apps exist.

Even on business environments, employees are expected to be trained. When they are not, layered security setups fail and it is a recipe for disaster.
Highly technical and sophisticated attacks rarely happen, majority of times there will be some very obvious tell-tale signs.
For example, that email from GM will be coming from protonmail.com, not from the company domain.
Attackers pray for and prey upon the attacked user not to pay attention and to take shortcuts.
Remember that Linus Tech Tips account takeover, had he noticed that the “contract” pdf is 700MB (highly impossible for a legit pdf to be this size) he wouldn’t have been hacked. His security failed.

So it’s important for people to:
1.) pay their dues
2.) pay attention
3.) refuse to do what they are told in email and over the phone, rather log-in to their online account
The layered security setup is then optional but not unnecessary.
A lot of security apps blindly trust signed, reputable executables, so supply chain attacks will go right through in any case.
Supply chain attacks however are extremely rare, much more frequently, DJVU/Stop ransom and Agent Tesla are infecting systems because someone wanted a cracked game.
This is why, when investigating botnets, frequently it’s discovered that vast majority of the infrastructure is in third-world countries, where users are much more likely to rely on piracy.
On Android, majority of issues lie in apps that I got no clue why anyone over the age of 12 will want to install, table below provided by Bitdefender.

Spoiler: Table

Qasim.Llc	Steelrbasic@gmail.com	https://personalitycharginshow[.]xyz
ALCANTARA.Lab	TipAprilb@gmail.com	https://smartqrscanner1[.]xyz
Baig.Corp	Ississppifinest2@gmail.com	https://animatesstickermaster[.]xyz
Hamid.Apps	jemarchag@gmail.com	https://gps1ocationfinder[.]xyz
Emmanuel.Llc	Quintonjxus@gmail.com	https://mygps123123[.]xyz
Jamie.Lab	jjamiemunoz417@gmail.com	https://artgirlswallpaperhd[.]xyz
Bennington.Llc	kkarlbennington@gmail.com	https://catsimulator1[.]xyz
Josh.Lnc	huhua.luc@gmail.com	http://smartwifii123[.]xyz
Vern.Apps	Vernl3138@gmail.com	https://imagewarpcamera[.]xyz
VILORIA.Corp	Jamelpmac@gmail.com	https://smartqrcreator1[.]xyz
Abid.Studio	ita.mita594@gmail.com	https://colorizeoldphoto[.]xyz
Adeel.Studio	ikvznj@gmail.com	https://smartaps1ocation[.]xyz
Haq.Corp	Wycliffedennis07@gmail.com	https://secrethoroscope1[.]xyz
Nadeem.Apps	KnowMonty@gmail.com	https://volumecontroll[.]xyz
Cedrick.Corp	Cedrickoayz@gmail.com	https://gps1ocationmaps[.]xyz
RICHARD.Lnc	Flossiezxe@gmail.com	https://girlsartwallpaper[.]xyz
Sushil.Dev	tacie.bush@gmail.com	https://mediavolumeslider[.]xyz
Haider.Studio	Eduardoaunx@gmail.com	https://sleepsoundss[.]xyz
Kumar.Apps	Randytzjp@gmail.com	https://qrcreatorr12[.]xyz
Waseem.Llc	MarquisDunlap35@gmail.com	https://secretastrology[.]xyz/
Butt.Corp	eterbrellocvx@gmail.com	https://colorizephotos[.]xyz/
Vledern Studio	deernivle67@gmail.com	-

Even to properly layer your security, knowledge is still required. Nowadays there are loads of resources users can absorb, if they are lazy, it’s on them. That OEM McAfee won’t help them much.

TLDR: between a trained user that knows what they are doing and a user who installs an arsenal of security tools, the latter is more prone to getting an infection. One can always be both.

Exactly. When one says one hasn't been infected, how would one know?

The reason why security programs included more features is because you can't provide enough "training" for users. Another is because you can't always tell if you're infected.

 

[monkeylove]

Yes it definitely is possible to be infected and not know it, because no antivirus provides 100% protection. However this has not happened to me. Sure, it could happen at some point. But since I know the chances of my PC getting infected are very small, I'm not concerned about it. Once again, the 5% chance means absolutely nothing without some context. Is it that users in general have a 5% change of getting infected, or is it a different scenario?

If there's no slowdown and nothing you perceive as wrong, then how do you know that the system isn't infected?

The 5-percent chance came from actual infection rates reported across many years and was discussed in this thread. I mention this because it's at least more logical than anecdotes, which might not only be hasty generalizations but also can't be proven in forums where no ID verification is needed.

 

[monkeylove]

What's the route of infection here. How did it get there, it doesn't just magically crawl in your system.

Is it in a 3rd party app or document you downloaded or an email or social media link you clicked, or from surfing to an infected website, or some silly extension you had to have that you didn't bother to get or verify since you didn't have time.

Oh yeah, that's right, it still hinges on the users habits.

Yes, but if it came from a legit site like your bank (and they didn't detect it, either), how do "habits" help?

 

[monkeylove]

Oh I understand completely. You are confused.

Habits are everything when it comes to security. You just demonstrated it without realizing with your article.

Gamers having to disable security to play games that are riddled with vulnerability and highly targeted and can't figure out why they just got nailed, hmm . Might as well state that users need to disable those security's too for cracks and keygens to work so they can play for free and still not figure out why they are getting nailed.

Adding 3rd party vulnerability to the system expanding the attack surface, and disabling security to do so, sounds very much like habits to me, bad ones.

Must you resort to personal insults?

You are a decades-long customer of a bank, and you know their security measures and trust them. You've been using their site for years to do business.

Their site was just infected, and they didn't know it, and neither did you. You didn't detect any slowdown in your system, and nothing unusual, following the same "habits".

How did "habits" help you then?

Microsoft was not talking about gamers who are using cracks and keygens but whose games slowed down because of core isolation. The only advice the company could give was to turn it off when they played games and then don't forget to turn them on after playing.

Not just third-party security software (I think you meant that and not vulnerability) expands the attack surface, but so do the features that users want and added by developers, for which the third-party security software developed in the first place. By the way, it's not just third-party software but also first-party ones, like Defender, e.g., core isolation is a new feature.

 

[monkeylove]

well said

That is why Bill called his OS Windows, so both malware and security enthousiasts could brick it

Reminds me of that article about vulnerabilities and operating systems:

Analysis shows over the last decade Windows 10 had fewer vulnerabilities than Linux, Mac OS X and Android

An analysis of the National Institute of Standards and Technology’s National Vulnerability Database has shown that, if the number of vulnerabilities is any indication of exploitability, Windows 10 appears to be a lot safer than Android, Mac OS or Linux. Over the last decade, Debian Linux had...

mspoweruser.com

I think one point to consider is that operating systems are vulnerable, and they become more vulnerable if you add more features.

Meanwhile, more users want more features, and more operating systems become more popular if they include those features.

Malware developers usually target popular operating systems.

The vulnerabilities are usually know only after attack takes place, and the systems need to be patched to stop them. There's a cost for patching, and it can be covered with payment from users, who in turn, and mentioned earlier want operating systems with more features.

In which case, to avoid all that you should probably use the least popular operating system, which means you get let go of many features you want. Otherwise, don't go online and don't let anyone use your machine.

 

[roger_m]

If there's no slowdown and nothing you perceive as wrong, then how do you know that the system isn't infected?

Because multiple scanners report that my system is clean. If my system was infected and my antivirus and second opinion scanners didn't detect it at the time, sooner or later some scanners would detect the infection. This has never happened and I go for years between reinstalls of Windows. For example, right now it's well over five years since I did a clean install of Windows.

 

[roger_m]

The 5-percent chance came from actual infection rates reported across many years and was discussed in this thread. I mention this because it's at least more logical than anecdotes, which might not only be hasty generalizations but also can't be proven in forums where no ID verification is needed.

Once again, context is needed. Is it 5% of all Windows PCs that get infected? If that's the case, then it's not a 5% chance of infection for everyone. For example, users who are careful about what files they open are going to be infected much less often than users who open random email attachments, or use pirated software. So it's meaningless to keep repeating 5% on its own.

 

[Trident]

Once again, context is needed. Is it 5% of all Windows PCs that get infected? If that's the case, then it's not a 5% chance of infection for everyone. For example, users who are careful about what files they open are going to be infected much less often than users who open random email attachments, or use pirated software. So it's meaningless to keep repeating 5% on its own.

Calculating such round percentage is anecdotal at best, only an AV company with ages of telemetry would be able to produce some verdict.
Who came up with this number and where?

Such calculation (being a prediction) is more for a machine learning model, taking into account age, region, knowledge and skills, how interested they are in IT as an overall, what protection they use, have they got admin access, attack surface and others.
A user at the age of 15 is more likely to execute a file, once in GData ads (@struppigel) called bubu.exe


Without proper user behaviour monitoring, nobody can calculate the chance of getting malware executed, it’s not one-size-fits-all prediction.

 

[Practical Response]

Must you resort to personal insults?

You are a decades-long customer of a bank, and you know their security measures and trust them. You've been using their site for years to do business.

Their site was just infected, and they didn't know it, and neither did you. You didn't detect any slowdown in your system, and nothing unusual, following the same "habits".

How did "habits" help you then?

Microsoft was not talking about gamers who are using cracks and keygens but whose games slowed down because of core isolation. The only advice the company could give was to turn it off when they played games and then don't forget to turn them on after playing.

Not just third-party security software (I think you meant that and not vulnerability) expands the attack surface, but so do the features that users want and added by developers, for which the third-party security software developed in the first place. By the way, it's not just third-party software but also first-party ones, like Defender, e.g., core isolation is a new feature.

Personal insults? Because I stated you are confused?

Maybe its because I have stated that good habits will help users more then layered security will any day, but never once did I mention only using good habits without security. This all started because you claimed that layered security of the enthusiast nature is the only way to stay safe now days and even then I'm not convinced you believe that, as you find more ways to tell users that nothing they can do will ever stop them from being infected.

Now that I have that out of the way, as this really is getting tiresome, with the same ole repeated nonsense.

How does one go about defending against drive by downloads or exploit kits via websites he asks.

Well to start, you can enable your browsers "click to play" option to avoid plugin-required content from automatic installation. You need to take steps as such "again good habits" to help reduce the risk, among these are making sure your browser and operating systems are always up to date, patched from exploitable vulnerabilities, same with whatever security solution you are using, making sure its signatures ect are up to date, pay attention to the address/URL for legitimacy, remove unnecessary 3rd party applications from your system to lesson the attack surface and bugs, you know what likes bugs and vulnerabilities, you guessed it, drive by downloads. Use traffic filtering such as DNS. Refrain from storing passwords in your browser and keeping personal information on your system "again with the its not convenient but will save you a headache" that not even any security platform can guarantee "don't believe me, go ask someone that had security, didn't bother with good habits, got hit by ransomware and now wishes they can find a way to unencrypt all their important personal items.

So bottom line is, nothing is fool proof, although using habits along with manageable security will carry a user a long way. Just using layerd security falls into, more vulnerability, misconfiguration, and not using habits with it, well again, go ask the user with encrypted files.

I have literally repeated mostly the same thing in at least 5 or more posts in this thread, so if I did not articulate it well enough this time I apologize, but at this point I digress.

 

[monkeylove]

Because multiple scanners report that my system is clean. If my system was infected and my antivirus and second opinion scanners didn't detect it at the time, sooner or later some scanners would detect the infection. This has never happened and I go for years between reinstalls of Windows. For example, right now it's well over five years since I did a clean install of Windows.

Exactly, and using multiple scanners is part of software protection.

 

[monkeylove]

Once again, context is needed. Is it 5% of all Windows PCs that get infected? If that's the case, then it's not a 5% chance of infection for everyone. For example, users who are careful about what files they open are going to be infected much less often than users who open random email attachments, or use pirated software. So it's meaningless to keep repeating 5% on its own.

It's the second one and was discussed in one thread in this forum. That's what I remember, and it's based on reports for the last five years or more.

This is different from a forum anon who says his PC hasn't been infected, offers no proof, and concludes that his experiences are part of a representative sampling.

 

[monkeylove]

Calculating such round percentage is anecdotal at best, only an AV company with ages of telemetry would be able to produce some verdict.
Who came up with this number and where?

Such calculation (being a prediction) is more for a machine learning model, taking into account age, region, knowledge and skills, how interested they are in IT as an overall, what protection they use, have they got admin access, attack surface and others.
A user at the age of 15 is more likely to execute a file, once in GData ads (@struppigel) called bubu.exe


Without proper user behaviour monitoring, nobody can calculate the chance of getting malware executed, it’s not one-size-fits-all prediction.

I remember that it wasn't anecdotal and based on results from AV Comparatives and others for several years.

This is in contrast to personal statements made in this forum and in others.

 

[monkeylove]

Personal insults? Because I stated you are confused?

Maybe its because I have stated that good habits will help users more then layered security will any day, but never once did I mention only using good habits without security. This all started because you claimed that layered security of the enthusiast nature is the only way to stay safe now days and even then I'm not convinced you believe that, as you find more ways to tell users that nothing they can do will ever stop them from being infected.

Now that I have that out of the way, as this really is getting tiresome, with the same ole repeated nonsense.

How does one go about defending against drive by downloads or exploit kits via websites he asks.

Well to start, you can enable your browsers "click to play" option to avoid plugin-required content from automatic installation. You need to take steps as such "again good habits" to help reduce the risk, among these are making sure your browser and operating systems are always up to date, patched from exploitable vulnerabilities, same with whatever security solution you are using, making sure its signatures ect are up to date, pay attention to the address/URL for legitimacy, remove unnecessary 3rd party applications from your system to lesson the attack surface and bugs, you know what likes bugs and vulnerabilities, you guessed it, drive by downloads. Use traffic filtering such as DNS. Refrain from storing passwords in your browser and keeping personal information on your system "again with the its not convenient but will save you a headache" that not even any security platform can guarantee "don't believe me, go ask someone that had security, didn't bother with good habits, got hit by ransomware and now wishes they can find a way to unencrypt all their important personal items.

So bottom line is, nothing is fool proof, although using habits along with manageable security will carry a user a long way. Just using layerd security falls into, more vulnerability, misconfiguration, and not using habits with it, well again, go ask the user with encrypted files.

I have literally repeated mostly the same thing in at least 5 or more posts in this thread, so if I did not articulate it well enough this time I apologize, but at this point I digress.

Stop attacking me and others. Instead, attack the points.

You talk about tweaking software. That's not a "good habit" but what users have to do because they forget. That's why our discussion is getting tiresome: you keep contradicting yourself.

Another "good habit" is to make sure that signature databases are updated. Actually, that's not the only thing: you need to check the security program every few hours (or less?) to see if everything is updated. And you need to do that for all of the other software in your system. And what happens if that doesn't work?

See what's happening? Indeed, nothing is fool-proof, but notice how "good habits" keep shifting to make up for that. First, it involves just visiting "legit" sites and using "legit" software. Next, it's tweaking software not to run things automatically, let even "legit" software sit for several days (or maybe weeks) to see if they're safe, but no comment on "legit" sites. And before that uploading the app to a site to have it checked (maybe post the URL of the site to have it checked, too? periodically? how many times?). And to make sure, run the app in a sandbox, and so on.

And now traffic filtering?

In the real world, most people forget to do all of these things. Why do you think Defender and other software keeps getting updated with the features you mention, and run them automatically?

 

[monkeylove]

Problem is some people are security OverInthusiasts
You know that saying, even pudding is not great when it’s over-egged…

More features, more vulnerabilities, greater potential for damage.

 

[roger_m]

It's the second one and was discussed in one thread in this forum. That's what I remember, and it's based on reports for the last five years or more.

This is different from a forum anon who says his PC hasn't been infected, offers no proof, and concludes that his experiences are part of a representative sampling.

I'm not sure specifically what you are referring to when you mention the second one. Anyway no matter what the context is, the 5% means absolutely nothing in my specific case, as I'm not getting infected. I've visited hundreds or thousands of random websites without getting infected. Not because of an antivirus stopping me from getting infected, but because it is very rare to get infected just by visiting a website on a patched PC. I don't need to prove anything to a random person on the internet. I speak based on years of experience and have no reason to mislead anyone, but if you choose not to believe me I couldn't care less. Particularly when it seems you are unsure of what you're saying. As an example you said "I think it's possible for malware to reside on systems without the user knowing it." You bizarrely think you know best, yet you weren't even sure about an obvious thing like that.

 

[Practical Response]

Stop attacking me and others. Instead, attack the points.

You talk about tweaking software. That's not a "good habit" but what users have to do because they forget. That's why our discussion is getting tiresome: you keep contradicting yourself.

Another "good habit" is to make sure that signature databases are updated. Actually, that's not the only thing: you need to check the security program every few hours (or less?) to see if everything is updated. And you need to do that for all of the other software in your system. And what happens if that doesn't work?

See what's happening? Indeed, nothing is fool-proof, but notice how "good habits" keep shifting to make up for that. First, it involves just visiting "legit" sites and using "legit" software. Next, it's tweaking software not to run things automatically, let even "legit" software sit for several days (or maybe weeks) to see if they're safe, but no comment on "legit" sites. And before that uploading the app to a site to have it checked (maybe post the URL of the site to have it checked, too? periodically? how many times?). And to make sure, run the app in a sandbox, and so on.

And now traffic filtering?

In the real world, most people forget to do all of these things. Why do you think Defender and other software keeps getting updated with the features you mention, and run them automatically?

1. You stated above habits were not enough and what about a legitimate website infection, I listen two things one can change easily if they felt that habits were not enough but of course you twist this.

2. Do you check your bank every few hours, probably not, so really not a serious reply, just another attempt much like your accusations of attacking while you carry this on. Keep in mind anyone reading this is now being derailed from good advice by your attempts to cause problems.

3. If you wish to be lazy without habits that is your choice, if you wish to have your 3rd party app try to protect you from yourself, again, your choice. Is it a wise choice, well you determine that and hopefully the readers see through your attempts here as I do.

 

[Practical Response]

More features, more vulnerabilities, greater potential for damage.

Exactly the point I've been trying to make you claim is not correct.

 

[Practical Response]

Exactly, and using multiple scanners is part of software protection.

Let's get back on topic shall we, the discussed video that started this, was because I stated that with imaging personal backups stored off line would have negated this particular issue. Let's get down to the malware removal forum and ask the latest user to post a ransomware infection about the security they had, how it got bypassed and why they are desperately trying to to find a way to decrypt all their important files now.

Then tell me again how "habits" would not of saved the day, this time try not deflecting with infostealers and other scenarios that have not happened in the video. Try placing advice that would help a user in this scenario as obviously the security they had in place failed, just as it did for the user in the help section.

 

[Andy Ful]

The discussion about which is better (or more important) resembles a great audition (slightly satiric) from Polish radio: "About the superiority of Easter over Christmas" (O wyższości świąt Wielkiejnocy nad świętami Bożego Narodzenia).

Back to the topic.
I do not think that one can prove the superiority of "Layered protection" over "Good habits" (and vice versa). For example, I prefer "Good habits" for me, and "Layered protection" for my family and friends.
It is like a confrontation in the court when one party says "I am innocent" and the second "You are guilty", with no witnesses.
Simply, there is no sufficient research about "Layered protection" and "Good habits", and personal experience can always be questioned.

Some people will not learn good habits, similarly to those who will never learn mathematics. Even if you spend much time learning them, they cannot fully rely on good habits. The same can be true with "Layered protection". It cannot protect someone who cannot resist running shady stuff and turns off the protection.

 

[Practical Response]

The discussion about which is better (or more important) resembles a great audition (slightly satiric) from Polish radio: "About the superiority of Easter over Christmas" (O wyższości świąt Wielkiejnocy nad świętami Bożego Narodzenia).

Back to the topic.
I do not think that one can prove the superiority of "Layered protection" over "Good habits" (and vice versa). For example, I prefer "Good habits" for me, and "Layered protection" for my family and friends.
It is like a confrontation in the court when one party says "I am innocent" and the second "You are guilty", with no witnesses.
Simply, there is no sufficient research about "Layered protection" over "Good habits", and personal experience can always be questioned.

Some people will not learn good habits, similarly to those who will never learn mathematics. Even if you spend much time learning them, they cannot fully rely on good habits. The same can be true with "Layered protection". It cannot protect someone who cannot resist running shady stuff.

It's a agree to disagree at this point.

Balanced good habits with security has been my position here. Layered security not properly configured leads to vulnerability aka expanding the attack surface. While you as a truly advanced person could implement such security for your family and maintain it, most here could not.

Trying to convince users here to use Windows as it was designed, simply setting a admin account with several "standard user accounts for family" seems to be too daunting for most.

So recommending contingencies should something happen coupled with habits to minimize with no matter what security they are running seems the best viable solution. Encouraging users not to over lap security, expand their attack surface with more bugs, vulnerabilities, misconfurarions, but bolster habits of taking time to verify things, and always keep things backed up seems to me the better way.